<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>guestbook - login</title>
<?php
// Page bootstrap for the login script. Statement order matters here: the
// constants are defined before the include files are pulled in.
// NOTE(review): this block runs after the DOCTYPE/<head> markup above has
// already been emitted, so session_start() can only send its cookie header if
// output buffering is enabled — confirm, or move the bootstrap above the markup.
session_start();
// Presumably the guard constant the include files check to refuse direct
// access — confirm in includes/common.inc.php.
define('IN_TG', true);
// Identifies this page as 'login'; presumably read by the shared includes.
define('SCRIPT', 'login');
// ROOT_PATH is not defined in this file; presumably common.inc.php defines it.
require_once dirname(__FILE__) . '/includes/common.inc.php';
require_once ROOT_PATH . 'includes/title.inc.php';
// Supplies the validation helpers reused from the registration page.
include_once ROOT_PATH . 'includes/register.func.php';
// Presumably turns away visitors who are already logged in — confirm.
_login_state();
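  global $_link; // Only here to silence the "undefined variable" warning on this page.
// The validation helpers used below are all kept with the registration code
// so they can be reused here.
//
// Login handler: runs when the form posts back to login.php?action=login.
// Flow: verify the captcha, clean the fields, then check in turn that the
// account exists, that it is activated, and that the password matches. Every
// branch destroys the session, closes the connection and redirects.
//
// Changes from the previous version:
//  - the password is now placed inside a quoted SQL literal. Before, the
//    escaped value was interpolated bare into sha1(...); escaping does not
//    protect an unquoted context, so the value was parsed as SQL, and a
//    password with leading zeros was hashed as a number.
//  - `$_clean[] = array();` appended a stray element instead of initialising
//    the array.
//  - missing or non-string request fields no longer raise notices or reach
//    mysqli_real_escape_string() as an array.
//
// NOTE(review): tg_password is compared against an unsalted SHA-1. Moving to
// password_hash()/password_verify() also needs the registration code and the
// stored hashes migrated, so it is only flagged here.
// NOTE(review): the "user does not exist" and "wrong password" messages differ,
// which lets a client tell valid usernames apart; consider one shared message.
// NOTE(review): prepared statements would remove the need for manual escaping
// altogether; the string-based _query()/_fetch_assoc() helpers are kept so the
// rest of the project is not affected.
if (isset($_GET['action']) && $_GET['action'] === 'login') {
    // Captcha check first; a missing field is passed as null, as before, but
    // without the undefined-index notice.
    _check_code(
        isset($_POST['code']) ? $_POST['code'] : null,
        isset($_SESSION['code']) ? $_SESSION['code'] : null
    );

    $_clean = array();
    // NOTE(review): the name is interpolated into quoted SQL literals below;
    // that is only safe if _check_name() escapes it for this connection — confirm.
    $_clean['name'] = _check_name(isset($_POST['name']) ? $_POST['name'] : null);
    // Anything that is not a string (absent field, name="password[]") is
    // treated as an empty password rather than handed to the escaper.
    // NOTE(review): escaping goes through _link() while the queries run on
    // $_link — confirm both refer to the same connection and charset.
    $_clean['password'] = mysqli_real_escape_string(
        _link(),
        (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : ''
    );
    $_clean['time'] = _check_time(isset($_POST['time']) ? $_POST['time'] : null);

    // Step 1: does the account exist?
    $_sql = "SELECT `tg_username` FROM `tg_user` WHERE `tg_user`.`tg_username` ='{$_clean['name']}' LIMIT 1";
    _query($_link, $_sql);
    if (mysqli_affected_rows($_link) == 1) {
        // Step 2: is the account activated? (an empty tg_active means activated)
        $_sql = "SELECT `tg_username`,`tg_active` FROM `tg_user` WHERE `tg_user`.`tg_username` ='{$_clean['name']}' AND `tg_user`.`tg_active` ='' LIMIT 1";
        _query($_link, $_sql);
        if (mysqli_affected_rows($_link) == 1) {
            // Step 3: does the password match? The value is quoted as well as escaped.
            $_sql = "SELECT `tg_username`,`tg_uniqid`,`tg_password` FROM `tg_user` WHERE `tg_user`.`tg_username` ='{$_clean['name']}' AND `tg_user`.`tg_password` = sha1('{$_clean['password']}') LIMIT 1";
            _query($_link, $_sql);
            if (mysqli_affected_rows($_link) == 1) {
                // Fetch the row before the connection is closed.
                $_resut = _fetch_assoc($_link, $_sql);
                mysqli_close($_link);
                // The session only carried the captcha; drop it.
                session_destroy();
                _setcookies($_resut['tg_username'], $_resut['tg_uniqid'], $_clean['time']);

                // Login succeeded: go to the home page.
                _location('index.php', NULL);
            } else {
                session_destroy();
                mysqli_close($_link);
                _location('login.php', '密码错误，请重新登陆！');
            }
        } else {
            // Not activated: only reveal the activation link once the password
            // has been verified.
            $_sql = "SELECT `tg_username`,`tg_password` FROM `tg_user` WHERE `tg_user`.`tg_username`='{$_clean['name']}' AND `tg_user`.`tg_password` = sha1('{$_clean['password']}') LIMIT 1";
            _query($_link, $_sql);
            if (mysqli_affected_rows($_link) == 1) {
                $_sql = "SELECT `tg_username`,`tg_active` FROM `tg_user` WHERE `tg_user`.`tg_username` ='{$_clean['name']}' LIMIT 1";
                $_resut = _fetch_assoc($_link, $_sql);
                session_destroy();
                mysqli_close($_link);
                _location('active.php?active=' . $_resut['tg_active'], '激活后，重新登陆！');
            } else {
                session_destroy();
                mysqli_close($_link);
                _location('login.php', '密码错误！');
            }
        }
    } else {
        session_destroy();
        mysqli_close($_link);
        _location('login.php', '用户名不存在，请重新登陆！');
    }
}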
?>
<script type="text/javascript" src="js/code.js"></script>
<script type="text/javascript" src="js/login.js"></script>
</head>
<body>

<?php
require_once ROOT_PATH . 'includes/header.inc.php';
?>

<div id="login">
		<h2>会员注册</h2>
		<form method="post" name="login" action="login.php?action=login">
			<ul>
				<li><label>用户名称：</label><input type="text" name="name" class="text" /></li>
				<li><label>输入密码：</label><input type="password" name="password"
					class="text" /></li>
				<li><label>保留：</label><input type="radio" name="time" value="0"
					checked />不保留 <input type="radio" name="time" value="1" />一天<input
					type="radio" name="time" value="2" />一周<input type="radio"
					name="time" value="3" />一月</li>
				<li><label>验证码：</label><input type="text" name="code"
					class="text yzm" /><img id="code" src="code.php" /></li>
				<li><input type="submit" class="submit" value="登陆" /><input
					type="button" class="button" value="注册" /></li>
			</ul>
		</form>
	</div>
	
<?php
require_once ROOT_PATH . 'includes/footer.inc.php';
?>

</body>
</html>